1. Home
  2. Knowledge Base
  3. Health App
  4. Privacy Policy: c-med° alpha and °Health App

Privacy Policy: c-med° alpha and °Health App

cosinuss° takes the protection of your personal data very seriously. We only collect and store data that is necessary for the purpose of the products and services described here. We treat collected data confidentially and in accordance with the statutory data protection regulations.

This privacy policy applies to the iPhone and Android °Health Apps in their beta development phase (hereinafter “app”), which can only be used in combination with the c-med° alpha. The c-med° alpha is an ear-worn class IIa medical device that continuously monitors vital signs inside the outer ear canal. It collects human biosignals, calculates vital signs and transmits the values in real time to the °Health App. This declaration explains the type, purpose and scope of data collection in the context of app use.

What data is collected when using c-med° alpha with the °Health App?

The c-med° alpha generates and sends data to the °Health App via Bluetooth Low Energy, but does not store any data itself. If there is no Bluetooth connection for a short time, the vital parameter data recorded and calculated by the sensor will be lost at that time. The app displays and saves the received data and allows you to export and share it.

A measurement can be stopped at any time by exiting the °Health app or turning off the sensor.

The following data is generated when using c-med° alpha with the °Health App:

Data generated by c-med° alpha and °Health App

Data Description Storage
Metadata
c-med° alpha

(with associated firmware)

MAC Address Media-Access-Control address Storage in Android app only & on server.
Unique Device Identification Identification number Storage in app & on server.
Firmware Version Version number of the software running on the sensor. Storage in app & on server.
Bluetooth Device Name Bluetooth name of the sensor. No storage.
Sensor Size Size of the sensor head. Storage in app & on server.
°Health App
App Version Version number of the app. Storage in app.
Logged data
°Health App
Device Error Device Errors messages from c-med° alpha. Storage in app & on server.
Recording Start Time Start time of a recording. Storage in app only.
Recording End Time End time of a recording. Storage in app only.
Relation Sensor-patient relations. Storage in app only.
Data generated
Quality indicators
Quality index Index to assess the reliability of the pulse measurement. Storage in app only.
Perfusion index An indicator of the reliability of oxygen saturation. Storage in app only.
Vital signs (calculated by c-med° alpha)
Body temperature Body temperature (°C or °F) Storage in app only.
Pulse rate Beats per minute (bpm) Storage in app only.
SpO2 Arterial oxygen saturation

of the blood (%)

Storage in app only.
Derived parameters
PPG med Photoplethysmogram filtered and resampled. Storage in app only.
Acc_deviation Indicator for accelerations. Storage in app only.
Battery Battery states of the sensor. Storage in app only.
Perfusion index tech Technical perfusion index. Storage in app only.

The device information of the c-med° alpha is stored both in the app and on the cosinuss° server located in Germany in order to track the version numbers and update & error history of the devices at any time (regulatory purposes) and to be able to provide qualified support. With the help of the stored information about the c-med° alpha in the app, a better user experience is guaranteed and this information is necessary to be able to inform the user about an update for his c-med° alpha in the app. This kind of information is stored as long as applying medical devices law requires it to be available.

The °Health App serves as an extended display of the c-med° alpha in-ear sensor. The app stores the calculated and transmitted vital parameter data of the user on the mobile device it is operating on but does not transmit it anywhere. cosinuss° has no access to the data either. It is solely your decision if and when this data is deleted from the mobile device. If you want to access the stored data, you can export it via the app as a CSV file.
Note: Patient-sensor relations are not included in the export file.

Optional user input in the °Health app

Data Description Storage
Optional user input
°Health app
Patient first name First name of patient Storage in app only.
Patient last name Last name of patient Storage in app only.
Patient birthday Date of birth of patient Storage in app only.

Optional user data input can be stored in the app to improve data interpretation. This information, however, will not be exported in the CSV file.

Please note! Cosinuss GmbH has no access to your data via the °Health App and does not transmit any data to third parties without your prior consent.

Please note! As a user, please protect the display of your data on your local receiving device against unauthorized access on your own responsibility. Please only use trusted and secured devices and services.

Data collected on the basis of granted access rights

Location data & Bluetooth

In order for you to connect your c-med° alpha to your receiving device via Bluetooth Low Energy, your operating system (usually the case with Android) will require access to your location data. The °Health App and Cosinuss GmbH have no influence on this access and do not obtain access to your location data.

Cosinuss GmbH also points out that data transmission via Bluetooth involves security risks. Complete protection of data against access by third parties is not possible.

Error analysis

Upon your optional consent, in case of a technical error, you may authorize a technical event log (log file) to be sent to Firebase Crashlytics for a specific error event. The log file is also provided to cosinuss° and helps the development team to know about errors and to find and fix the cause of them. In the log file, device information of the c-med° alpha and your mobile device, °Health App version information and settings of your operating system at the time of the error are sent along. Recorded vital signs will be explicitly not sent along. Firebase Crashlytics is operated by Google. The respective privacy policies can be found at https://privacy.google.com/ and https://firebase.google.com/support/privacy/. Submitted data may be retained in Firebase’s processing systems for an extended period of time.
When logging errors, cosinuss° explicitly only uses the Crashlytics and no other Firebase services.

Location of the cosinuss° servers

The cosinuss° servers are provided and hosted by Hetzner Online GmbH, located at Industriestrasse 25, 91710 Gunzenhausen. A corresponding data processing agreement exists between the parties. The servers are located in Nuremberg and Falkenstein (Vogtl.) in Germany. Hetzner Online GmbH is DIN ISO/IEC 27001 certified and thus offers the legally required protection for personal data.

Further services of Cosinuss GmbH

Apart from the use of the c-med° alpha and the °Health App, you will come into contact with external links and websites, e.g. when making purchases, customer service inquiries or other services of Cosinuss GmbH.
The European General Data Protection Regulation (“GDPR”) applies to all pages and services of Cosinuss GmbH. Please refer to the data protection information on the respective websites.

Information, deletion, blocking

You have the right at any time to free information about your stored data, its origin and recipient and the purpose of data processing, as well as the right to correct, block or delete this data.

For this purpose, as well as for further questions on the subject of data, you can contact the responsible office at cosinuss° at any time using the contact details provided.

Right of appeal to the competent supervisory authority

We would like to point out that you have the right to lodge a complaint with the responsible supervisory authority in the event of data protection violations.

You can contact us at:
dataprivacy@cosinuss.com

or contact our external data protection officer:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Germany
Tel: +49 89 189 173 60
Email: email@iitr.de

The supervisory authority for data protection issues is the state data protection commissioner of the federal state in which cosinuss° has its headquarters. A list of data protection officers and their contact details can be found in the following link: https://www.bfdi.bund.de/EN/Home/home_node.html

Amendment of this privacy policy

We reserve the right to change this privacy policy in compliance with the law and to request your consent again.

Responsible entity

The “responsible entity” is the entity that collects, processes or uses your personal data. The responsible entity for data processing within the scope of this app is:

Cosinuss GmbH,
Kistlerhofstraße 60,
81379 Munich,
Germany,
Phone.: +49 (0)89 740 418 32
E-Mail: dataprivacy@cosinuss.com

Governing Law

This Data privacy policy shall be governed by German or similar national law.